In response to the recent Ronin blockchain attack that saw a whopping $615 million in crypto stolen, Beosin, a blockchain security audit, announced that they will be "tracing the whereabouts of the funds."
To add, the security audit also released a list of suggestions to help other cross-chain bridge projects improve their security.
Beosin Announces Investigation Into the Ronin Hack
In an official blog post by Beosin, the blockchain security audit platform, they will be investigating how the breach happened while trying to track where the funds went. The breach saw a total of 173,600 Ethereum (ETH) and 25.5 million USDC stolen from Ronin.
In response to the Ronin Network's tweet regarding the security breach, Beosin said that they will be looking into the exploit. Per a tweet by Wu Blockchain, it took a total of six days in order to discover that money was stolen due to the breach of five private keys.
Beosin will be looking into the exploit #Crypto #Ronin https://t.co/PDrLha5AVl
— Beosin 🛡 Blockchain Security (@Beosin_com) March 29, 2022
It took Ronin 6d to find out that money was stolen and 5 private keys were breached; the security agency Beosin's four recommendations for cross-chain projects, the multi-signature services must be logically isolated and have real time automatic alerts on abnormal transactions. https://t.co/h2AMHAQj41
— Wu Blockchain (@WuBlockchain) March 30, 2022
On top of Beosin's commitment to track down the hackers, the security audit also released a number of suggestions for other cross-chain bridge projects. These suggestions are reportedly given in order to help them improve their security.
Suggestions Given by Beosin for Cross-Chain Bridge Projects
First Suggestion
The first suggestion was for them to give more attention to their signature server's security. Through making sure sensitive information is kept in a secure storage, cross-chain bridge projects can avoid unnecessary vulnerabilities that can later on be used in exploits.
Second Suggestion
The second suggestion was should the cross-chain bridge projects' signature service go offline, the network has to update their security policy, close the functioning service models in correspondence, and also consider the risks of a compromised signature account address.
Third Suggestion
The third suggestion deals with multi-signature verification. Boeing says that the multi-signature service should be isolated logically while the verification process of the signature content has to happen independently.
The suggestion of Boesin is to make it impossible for subset verifiers to be able to request a signature directly from the verifiers itself. As per an official posting by Ronin, the Ronin chain currently has nine validator nodes.
With only nine validator nodes, this means that only five are needed in order to recognize a withdrawal. The hackers were able to gain control of four validators while employing a "third-party validator that was run by Axie DAO."
Read Also: Axie Infinity's Ronin Blockchain Suffered Hacker Breach, Over $625M Worth of Crypto Stolen
Last Advice Given
The last suggestion is that all transactions within the project should be monitored in real time and should also have real time alerts regarding "abnormal transactions."
Due to the fact that it took six days before Ronin was able to find out about the hack, notifications regarding the abnormal transactions might have been missed.
Related Article: KuCoin Token: Everything You Need To Know About the KCS Whitepaper
This article is owned by Tech Times
Written by Urian B.
